Rethinking GDPR Sustenance

Christos Syngelakis, Group Data Protection Officer, Motor Oil

Could You Walk US Through the Current Pain Points of Organizations in Aligning with GDPR Compliance?

GDPR compliance is a rather unsettling scenario that most organizations are going through today. It’s because GDPR’s creators are law-proficient individuals, who, to a certain degree, may have misunderstood how technology and data are correlated. As a result, companies are often in a dilemma about the capabilities required for being GDPR compliant. Moreover, being relatively new regulations that came just about four years ago, the GDPR mandates enforce companies to adopt an approach to data protection that they were not accustomed to before.

GDPR regulatory bodies also have high authority over any organization and can even shut them down in case of noncompliance. As compliance with the regulations guarantees data privacy and protection, organizations ought to utilize relevant technology tools to align with GDPR. Another major pain point while complying with GDPR is the regulation’s oversight on vendors and third-party businesses. Even after signing GDPR compliance contracts with organizations, oftentimes vendors and third-party providers fail to maintain the compliance in their operations. No one has the ability to check the actual and not the declared, compliance status of tens or hundreds of service providers and vendors. In such cases, the violation accusation falls on the organization and they suffer the consequences.

Please Elaborate on How Organizations Can Accelerate their Efforts to Comply With GDPR?

GDPR compliance allows organizations to get a complete understanding of data protection and privacy. Leveraging that knowledge, companies must create specific processes and apply them to all activities such as the acquisition, transfer and storage of personal data.

“The primary thing to understand is that data protection is not technical; it’s more about the approach to business”

But the theoretical approach to practice is very different Organizations may have the necessary processes, but external assistance will often be required to utilize them optimally and accelerate their efforts to comply with GDPR.

Looking at the complexities in measures that must be taken for GDPR compliance, there is always something better that can be done to gain better sustenance. Where to stop is undefined and if something happens, authorities will ask why you didn’t choose something better. Organizations must choose their providers, advisors, and technologies efficiently to derive the best options for complying with GDPR.

What Advices Do You Wish to Share With Your Peers in the Information Security Space?

It is important to understand that data protection is not technical; it is more of an approach to doing business. Irrespective of what mode a business is, managers must encourage employees to avoid any improper use of data. To ensure the proper use, they must get a clear view of how the employees and teams are handling data regularly.

Also, organizations must authorize the level of data access allowed for different employees. It can be done by implementing IT security measures to access management control in every data-centric operation.

When procuring any product, they must choose the ones that give them the ability to be GDPR compliant. At the same time, they also need have a clear knowledge about using it in compliance to GDPR.